2
Security Context

Major Security Themes:
- Frequency, size and duration of attacks are increasing
- Attacks are being mounted from all layers of the network
- Attacks from outsiders are increasing as a percentage of all attacks
- Attacks from organised crime now form the majority of attacks

Security incidents have significant consequences:
- Damage to reputation and brand
- Loss of stakeholder confidence
- Loss of revenues
- Loss of customers
- Regulatory action/sanction
- Litigation/legal action

Within the last 6 weeks more than 12 Organisations have been under attack

4
Security Consideration: Capacity

Telstra maintains 100% physically separate Internet and Private IP networks:
- Significant events on one network are isolated from the other logically and physically.
- Internet and corporate traffic is physically separated from the Internet.

Capacity is maintained in both networks at a level exceeding all other Australian providers allowing Telstra to manage extreme traffic events without customer interruption:
- An Internet based DoS attack is isolated from critical business traffic. Even an attack of unprecedented scale on Telstra infrastructure would not affect traffic within the private IP Network (branch, call centre, corporate)

[Diagram: Telstra NextIP compared with Optus. Labels: Internet Cleaning, Large Attack, Internet/IP Core, Good Traffic, Corporate IP Voice, Corporate IP Data]

5
Security Consideration: Visibility

- Telstra gathers detailed telemetry from all layers and devices in our networks to understand emerging threats and challenges.
- All data is integrated into Telstra Security Operations Centre monitoring.
- Telstra engages in a worldwide security community enabling the engagement of global peers in mitigation of security incidents and the gathering of intelligence where required.
- To fully protect the customer, the Service Provider must have end-to-end visibility of all circuits that carry ANZ traffic. Any handoff to an alternate carrier network is a vulnerability.

[Diagram: network layers (Physical, Data Link, Network, Transport) shown for Telstra and for Optus. Labels: Monitor & Manager, Gap]

Telstra provides visibility at all network layers, ensuring attacks are dealt with regardless of origin

6
Security Consideration: Capability Core

- The Telstra Security Operations Centre provides 24/7 monitoring across Telstra infrastructure using state-of-the-art correlation tools and process, all within an ASIO T4 certified centre.
- Any issues are escalated to the Telstra Computer Emergency Response Team (T-CERT), a dedicated security team to manage incidents.
- T-CERT engages any required resources from all operational and SME teams to investigate, mitigate and resolve any identified issue.
- T-CERT engages Telstra’s Network Hardening Teams to review the incident, quantify the lessons learned from the incidents and protect all other Telstra environments against similar classes of attack vector.

11
T-SOC Program Overview

The T-SOC will deliver the following streams of work:

Secure Service Management Facility – the building of ASIO T4 accredited facilities in Canberra and Sydney
- The building of a primary T4 staff facility in Canberra replacing the Don Gray T4 people facility. This will provide flight deck space for the T-SOC as well as workspace for staff supporting Government security accredited products – Managed Security, Secure MNS, Secure TIPT, Secure UC etc.
- The building of a secondary T4 staff facility in Elizabeth St Sydney as a disaster recovery site for the T-SOC monitoring staff

Toolset (predominantly delivered by "Project Enterprise") – This project is to deliver all the necessary tools required to operate the T-SOC, e.g. SIEM, Scanners. Ticketing, problem and change will be delivered by standard tools.

People, Process and Roles, Responsibilities (PPRR) – This project will deliver all the documentation required to operate the T-SOC.

Web Portal (Leveraging TE&G Customer Portal) – This project will provide the Web presence for the T-SOC. The Web Portal will be the primary interface with customers providing reporting (security, problem and change management, etc), Security Bulletins, Threat Landscape, etc.

12
Commercial in Confidence – Version 1.0

What would a T-SOC Look Like?

- CERT team has small # FTE – virtual resources drawn in from OPS and PS as needed for incidents
- Over time this could merge with Network OPS as skill and technology develops
- All device up/down and generic health monitoring done here for Network and Security devices
- Shared, multi-tenanted tool. This will take log feeds from devices under shared management or dedicated
- In addition to raw security logs from devices, relevant events from the network monitoring tools will be fed into the correlation engine
- All ticketing performed and managed by the unified service desk
- Monitor security events from logs and correlation engine as well as announced vulnerabilities and patches

14
What are the benefits of a T-SOC

Effectively deal with Security Incidents
The T-SOC would give customers the ability to move from a reactionary posture to one of preparedness. Rather than scrambling to respond to a security breach, the T-SOC would have well-established processes to follow, to move fast and effectively, to isolate, contain, and defuse the threat.

Reduces Risks to Customers
The T-SOC will enable customers to minimize security-related network downtime. By keeping pace with evolving threats, the T-SOC will better protect customers’ data traffic from loss or manipulation.

Improves Security Response
The T-SOC systematically analyses potential reasons for traffic abnormalities and appropriately elevates the events. By moving quickly, the T-SOC can deal with security incidents in minutes – not hours or days – greatly lessening potential disruption to customers’ critical services and business processes.

Enhances Operational Efficiency
By defining security rules and policies, the T-SOC specialists will be able to quickly identify threats and apply remedies to customer sites at risk before network attacks hit them.

Comply with Regulations
Customers often need to comply with regulations and policies governing the use, protection, or privacy of information. Customers can use reports that the T-SOC can generate to help adhere to these regulations and policies, including the Sarbanes-Oxley Act, the Health Insurance Portability and Accountability Act, and the data-security storage requirements associated with the payment card industry.